Apple removes several apps that could spy on encrypted traffic | Ars Technica Remember Superfish?
LENOVO PCS SHIP WITH MAN-IN-THE-MIDDLE ADWARE THAT BREAKS HTTPS CONNECTIONS [UPDATED]
Superfish may make it trivial for attackers to spoof any HTTPS website.
In any event, third-party root certificates installed on any device—whether it's a computer or phone—can have an extremely powerful effect on security and privacy. A case in point is Lenovo's former practice of selling computers that were preloaded with a self-signed root HTTPS certificate that intercepted and decrypted encrypted traffic for every website a user visited. When users visited an HTTPS-protected site, the adware known as Superfish used the self-signed certificate to encrypt the traffic and bypass the trusted key provided by the visited site.